Debian Package Tracker

general

source: poppler (source, devel)
version: 0.48.0-2
maintainer: Loic Minier [DMD] [LowNMU]
uploaders: Pino Toscano [DMD] – Josselin Mouette [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.18.4-6
o-o-sec: 0.18.4-6+deb7u1
o-o-bpo: 0.26.5-2+deb8u1~bpo70+1
oldstable: 0.26.5-2+deb8u1
old-sec: 0.26.5-2+deb8u1
stable: 0.48.0-2
testing: 0.48.0-2
unstable: 0.48.0-2

versioned links

0.18.4-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.18.4-6+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.26.5-2~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.26.5-2+deb8u1~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.26.5-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.48.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-poppler-0.18
libpoppler-cpp-dev
libpoppler-cpp0v5
libpoppler-dev
libpoppler-glib-dev
libpoppler-glib-doc
libpoppler-glib8
libpoppler-private-dev
libpoppler-qt4-4
libpoppler-qt4-dev
libpoppler-qt5-1
libpoppler-qt5-dev
libpoppler64
poppler-dbg
poppler-utils

action needed

A new upstream version is available: 0.56.0

high

A new upstream version 0.56.0 is available, you should consider packaging it.

Created: 2017-01-17 Last update: 2017-06-27 01:15

5 security issues in sid

high

There are 5 open security issues in sid.

5 important issues:

CVE-2017-9406: In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9865:
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9408: In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

Please fix them.

Created: 2017-06-03 Last update: 2017-06-26 07:39

7 security issues in wheezy

high

There are 7 open security issues in wheezy.

3 important issues:

CVE-2017-9865:
CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

4 issues skipped by the security teams:

CVE-2017-9406: In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2013-4473: Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
CVE-2013-4474: Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
CVE-2017-9408: In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

Please fix them.

Created: 2015-07-12 Last update: 2017-06-26 07:39

5 security issues in buster

high

There are 5 open security issues in buster.

5 important issues:

CVE-2017-9406: In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9865:
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9408: In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

Please fix them.

Created: 2017-06-18 Last update: 2017-06-26 07:39

5 security issues in jessie

high

There are 5 open security issues in jessie.

3 important issues:

CVE-2017-9865:
CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

2 issues skipped by the security teams:

CVE-2017-9406: In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9408: In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

Please fix them.

Created: 2017-06-03 Last update: 2017-06-26 07:39

5 security issues in stretch

high

There are 5 open security issues in stretch.

3 important issues:

CVE-2017-9865:
CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

2 issues skipped by the security teams:

CVE-2017-9406: In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9408: In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

Please fix them.

Created: 2017-06-03 Last update: 2017-06-26 07:39

Multiarch hinter reports 2 issue(s)

normal

There are issues with the multiarch metadata for this package.

libpoppler-glib-dev could be marked Multi-Arch: same
libpoppler-qt4-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2017-06-27 01:23

19 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 19 bugs (20 if counting merged bugs), consider including or untagging them.

Created: 2017-01-17 Last update: 2017-06-27 01:02

lintian reports 2 warnings

normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-07-27 Last update: 2016-11-06 01:08

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2016-06-10 Last update: 2016-06-10 12:56

news

[rss feed]

[2017-04-04] Accepted poppler 0.26.5-2+deb8u1~bpo70+1 (source amd64 all) into wheezy-backports->backports-policy, wheezy-backports (Paul Wise)
[2016-11-18] poppler 0.48.0-2 MIGRATED to testing (Debian testing watch)
[2016-11-05] Accepted poppler 0.48.0-2 (source) into unstable (Pino Toscano)
[2016-10-10] Accepted poppler 0.48.0-1 (source amd64 all) into experimental, experimental (Pino Toscano)
[2016-06-15] poppler 0.44.0-3 MIGRATED to testing (Debian testing watch)
[2016-06-09] Accepted poppler 0.44.0-3 (source) into unstable (Pino Toscano)
[2016-06-02] poppler 0.44.0-2 MIGRATED to testing (Debian testing watch)
[2016-05-27] Accepted poppler 0.44.0-2 (source) into unstable (Pino Toscano)
[2016-05-22] Accepted poppler 0.44.0-1 (source amd64 all) into experimental, experimental (Pino Toscano)
[2016-05-03] Accepted poppler 0.43.0-1 (source amd64 all) into experimental, experimental (Pino Toscano)
[2016-05-02] Accepted poppler 0.26.5-2+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Pino Toscano) (signed by: Moritz Mühlenhoff)
[2016-05-01] poppler 0.38.0-3 MIGRATED to testing (Debian testing watch)
[2016-04-25] Accepted poppler 0.38.0-3 (source) into unstable (Pino Toscano)
[2015-12-15] poppler 0.38.0-2 MIGRATED to testing (Debian testing watch)
[2015-12-09] Accepted poppler 0.38.0-2 (source) into unstable (Pino Toscano)
[2015-12-03] Accepted poppler 0.38.0-1 (source amd64 all) into experimental, experimental (Pino Toscano)
[2015-09-07] poppler 0.26.5-4 MIGRATED to testing (Britney)
[2015-08-29] Accepted poppler 0.26.5-4 (source amd64 all) into unstable, unstable (Pino Toscano) (signed by: Lisandro Damián Nicanor Pérez Meyer)
[2015-08-01] poppler 0.26.5-3 MIGRATED to testing (Britney)
[2015-07-26] Accepted poppler 0.26.5-3 (all source) into unstable (Pino Toscano) (signed by: Lisandro Damián Nicanor Pérez Meyer)
[2014-11-06] Accepted poppler 0.28.1-1 (source amd64 all) into experimental, experimental (Pino Toscano)
[2014-10-30] poppler 0.26.5-2 MIGRATED to testing (Britney)
[2014-10-19] Accepted poppler 0.26.5-2 (source amd64 all) into unstable (Pino Toscano)
[2014-10-03] poppler 0.26.5-1 MIGRATED to testing (Britney)
[2014-09-27] Accepted poppler 0.26.5-1 (source amd64 all) into unstable (Pino Toscano)
[2014-08-28] poppler 0.26.4-1 MIGRATED to testing (Britney)
[2014-08-22] Accepted poppler 0.26.4-1 (source amd64 all) into unstable (Pino Toscano)
[2014-07-31] Accepted poppler 0.12.4-1.2+squeeze4 (source amd64) into squeeze-lts (Raphael Geissert)
[2014-07-26] poppler 0.26.3-1 MIGRATED to testing (Britney)
[2014-07-20] Accepted poppler 0.26.3-1 (source amd64 all) (Pino Toscano)

bugs [bug history graph]

all: 101 106
RC: 0
I&N: 68 72
M&W: 33 34
F&P: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.48.0-2ubuntu2
95 bugs (4 patches)
patches for 0.48.0-2ubuntu2